FDA SIR: Architecturally-Integrated Hazard Analyses for Medical Application Platforms
Lead PI:
John Hatcliff
Co-PI:
Abstract
The objective of this research is to develop new forms of tool-supported safety analyses for next-generation integrated medical systems that are based on the concept of medical application platforms (MAP). A MAP is a safety- and security-critical real-time computing platform for (a) integrating heterogeneous devices, medical IT systems, and information displays via a communication infrastructure and (b) hosting application programs ("apps") that provide medical utility via the ability to both acquire information from and update/control integrated devices, IT systems, and displays. The intellectual merit of the project lies in developing novel forms of hazard analyses (one of the primary forms of analysis used in safety-critical systems) that can overcome the unique challenges posed by MAP-based systems. The project will develop tool support that will (a) integrate hazard analyses with architectural models of MAP-based systems and (b) provide significant automation of analysis steps. In consultation with engineers from the Food and Drug Administration (FDA), the project will construct mock risk management and regulatory artifacts associated with MAP apps. The impact of this work centers around helping FDA engineers understand the architectural and safety issues associated with MAPs and identifying best practices that can lead to high assurance of MAP-based medical systems. Additionally, the project will produce concrete hazard analysis examples that will provide science-based inputs into the design of a new regulatory approach and industry safety standards that support compositional regulation of heterogeneous multi-vendor MAP-based systems.
Performance Period: 08/01/2016 - 07/31/2019
Institution: Kansas State University
Sponsor: National Science Foundation
Award Number: 1565544
CAREER: Design of in-line controllers for continuously operating networks with structural uncertainty
Lead PI:
Donatello Materassi
Abstract
This project focuses on designing control mechanisms for a networked system with unknown structure by making use only of non-invasive observations. By non-invasive observations, it is meant that what is being measured is not the system reaction to actively injected inputs, but rather the system behavior when it is operating under standard conditions and subject to potentially unobservable forcing signals. The capability of designing controllers based only on non-invasive observations is of paramount importance for any large-scale network fulfilling critical or uninterruptible functions (e.g., a power grid, a logistic system) or in situations where it is impractical or too expensive to inject known probing signals into the system (e.g., a gene network, a financial network). Other relevant applications are in medicine (e.g., repeated drug testing, computer-assisted anesthesia). Indeed, in these cases, for obvious safety and health concerns, it is not desirable to actively test the response of a patient to a different drug dosage or treatment, if comparably useful information could be inferred from non-invasive observations. Since non-invasive observations do not always provide full information about the network's configuration, the project will also consider how to define adequate control mechanisms that are robust with respect to uncertainties in the connectivity structure. These kinds of uncertainties are not typically considered in standard techniques for control design and the development of specific methodologies is required. Combined with the capability of adapting to changes in the network's configuration, these control techniques will provide a solid foundation for the realization of a self-healing system. This project will bridge together different areas, including statistics, computer science, and control theory with a single unifying framework. 
New courses will be created to facilitate communication among all these communities of researchers, advancing separate fields in a multidisciplinary way.
Performance Period: 08/01/2016 - 07/31/2021
Institution: University of Tennessee Knoxville
Award Number: 1553504
CAREER: Cyber Physical Solution for High Penetration Renewables in Smart Grid
Lead PI:
Arif Sarwat
Abstract
Effective integration of large amounts of renewable energy into the grid is of utmost importance for a sustainable future and greener smart cities. Due to the unpredictable variations in weather, over 80% of the available renewable energy from solar and wind sources cannot be harnessed effectively. Large-scale and cost-effective integration of photovoltaic energy into the smart grid is challenging due to: (a) unpredictability and intermittency of weather patterns, (b) fast morning ramp up and afternoon ramp down of solar generation that triggers instabilities in the grid, (c) unavailability of solar generation at sundown, requiring locational energy storage facilities, and (d) lack of technologies for efficient and intelligent on-demand sharing of solar generation with conventional power generation in the grid. Current technologies of solar integration are based on unreliable weather prediction and ineffective load sharing that make the overall grid performance unreliable and inefficient, thus necessitating a broader outlook on the whole picture. This research brings a holistic vision of the future smart grid as a synergistic integration of its various components with novel computational tools for forecasting and intelligent load sharing with distributed energy storage. The study collects real-time Photovoltaic (PV) data from the plant, conducts high-end modeling, analysis and visualization on various datasets to understand, predict and mitigate the system instabilities and fluctuations triggered by PV intermittencies. This solution can be used in the planning process at the command and control centers for electric utilities. The developed approach, which is an adaptive, resilient, efficient and effective integration of renewables, will be applicable broadly in the energy sector thereby reducing the carbon footprint and making the system stable under expected high penetration of renewable sources and unanticipated intermittencies. 
This solution fills the gap that will help our nation steer closer to the ultimate goal of a sustainable future involving a smart clean power grid. This project will pursue several outreach activities to engage with students from underrepresented groups.
Performance Period: 05/01/2016 - 04/30/2021
Institution: Florida International University
Sponsor: National Science Foundation
Award Number: 1553494
CPS: TTP Option: Synergy: Traffic Operating System for Smart Cities
Lead PI:
Roberto Horowitz
Co-PI:
Abstract
Each commuter in the United States lost on average $818 in 2015 due to congestion. More than 66% of congestion happens on city streets. The situation is steadily getting worse as the number of cars on roads increases and is expected to double by 2050. Solving the mobility problem by building new roads is not feasible. Instead, we need to use emerging technologies such as intelligent transportation systems; connected vehicles and autonomous vehicles; and new services, e.g. car sharing, ride on demand, last mile delivery services, to improve transportation efficiency on city streets. To that end, we are developing Traffic Operating System (TOS) that utilizes the existing computation, communication and automotive technologies and facilitates the deployment of new ones. TOS will increase the throughput of the urban transportation network; reduce intersection accidents by preventing red-light running and rear end collisions; and make traffic behavior more predictable, reliable and efficient. Regions that invest in a TOS could see a return on their investment in reduced transportation network and infrastructure costs, and in enhanced business and economic growth. This project will advance research in several areas of Technology for and Engineering of Cyber-Physical System (CPS). We will develop new design, analysis, and verification tools for TOS, which will embody the scientific principles of CPS, rely on extensive use of heterogeneous sensors, large-scale data collection and processing, and will actively control the dynamics of a transportation network. We will field-test traffic estimation and prediction models using sensor measurement and signal timing data from the cities of Pasadena, Sierra Madre and Arcadia in Southern California. 
Field test of the combined vehicle-level and traffic-flow-level control, using actual connected vehicles and vehicle-to-infrastructure (V2I) communication with a signalized intersection, will be conducted in the transition to practice (TTP) component of our project. The synergistic combination of research activities will yield novel scientific, technological and practical engineering implementation results in the design, state estimation, forecasting and control of CPS that involve transportation flows on networks. The investigators in this project plan to develop, simulate and test, through targeted vehicle and roadway infrastructure field test experiments, a traffic operating system that organizes existing computation, communication and automotive technologies to: (1) minimize congestion by increasing traffic throughput; (2) enhance safety by reducing driver errors through the use of cooperative adaptive cruise control (CACC) strategies that significantly increase arterial traffic throughput while preserving safety; and (3) contain the cost of parking by minimizing the number of idle vehicles and the number of vehicles searching for parking. These goals are achieved through integration of traffic measurements with the traffic management on vehicle, road link and network levels, making effective use of a dynamic traffic model and simulation. The project will demonstrate how three levels of traffic control are interconnected and we will develop new simulation and control design techniques that receive each other's output as feedback signals.
Performance Period: 07/01/2017 - 06/30/2020
Institution: University of California - Berkeley
Award Number: 1545116
CPS: TTP Option: Frontiers: Collaborative Research: Software Defined Control for Smart Manufacturing Systems
Lead PI:
Sibin Mohan
Co-PI:
Abstract
Software-Defined Control (SDC) is a revolutionary methodology for controlling manufacturing systems that uses a global view of the entire manufacturing system, including all of the physical components (machines, robots, and parts to be processed) as well as the cyber components (logic controllers, RFID readers, and networks). As manufacturing systems become more complex and more connected, they become more susceptible to small faults that could cascade into major failures or even cyber-attacks that enter the plant, for example through the internet. In this project, models of both the cyber and physical components will be used to predict the expected behavior of the manufacturing system. Since the components of the manufacturing system are tightly coupled in both time and space, such a temporal-physical coupling, together with high-fidelity models of the system, allows any fault or attack that changes the behavior of the system to be detected and classified. Once detected and identified, the system will compute new routes for the physical parts through the plant, thus avoiding the affected locations. These new routes will be directly downloaded to the low-level controllers that communicate with the machines and robots, and will keep production operating (albeit at a reduced level), even in the face of an otherwise catastrophic fault. These algorithms will be inspired by the successful approach of Software-Defined Networking. Anomaly detection methods will be developed that can ascertain the difference between the expected (modeled) behavior of the system and the observed behavior (from sensors). Anomalies will be detected both at short time-scales, using high-fidelity models, and longer time-scales, using machine learning and statistical-based methods. 
The detection and classification of anomalies, whether they be random faults or cyber-attacks, will represent a significant contribution, and enable the re-programming of the control systems (through re-routing the parts) to continue production. The manufacturing industry represents a significant fraction of the US GDP, and each manufacturing plant represents a large capital investment. The ability to keep these plants running in the face of inevitable faults and even malicious attacks can improve productivity -- keeping costs low for both manufacturers and consumers. Importantly, these same algorithms can be used to redefine the production routes (and machine programs) when a new part is introduced, or the desired production volume is changed, to maximize profitability for the manufacturing operation.
Performance Period: 09/01/2016 - 08/31/2021
Institution: University of Illinois at Urbana-Champaign
Sponsor: National Science Foundation
Award Number: 1544901
CPS: TTP Option: Frontiers: Collaborative Research: Software Defined Control for Smart Manufacturing Systems
Lead PI:
Elaine Shi
Abstract
Software-Defined Control (SDC) is a revolutionary methodology for controlling manufacturing systems that uses a global view of the entire manufacturing system, including all of the physical components (machines, robots, and parts to be processed) as well as the cyber components (logic controllers, RFID readers, and networks). As manufacturing systems become more complex and more connected, they become more susceptible to small faults that could cascade into major failures or even cyber-attacks that enter the plant, for example through the internet. In this project, models of both the cyber and physical components will be used to predict the expected behavior of the manufacturing system. Since the components of the manufacturing system are tightly coupled in both time and space, such a temporal-physical coupling, together with high-fidelity models of the system, allows any fault or attack that changes the behavior of the system to be detected and classified. Once detected and identified, the system will compute new routes for the physical parts through the plant, thus avoiding the affected locations. These new routes will be directly downloaded to the low-level controllers that communicate with the machines and robots, and will keep production operating (albeit at a reduced level), even in the face of an otherwise catastrophic fault. These algorithms will be inspired by the successful approach of Software-Defined Networking. Anomaly detection methods will be developed that can ascertain the difference between the expected (modeled) behavior of the system and the observed behavior (from sensors). Anomalies will be detected both at short time-scales, using high-fidelity models, and longer time-scales, using machine learning and statistical-based methods. 
The detection and classification of anomalies, whether they be random faults or cyber-attacks, will represent a significant contribution, and enable the re-programming of the control systems (through re-routing the parts) to continue production. The manufacturing industry represents a significant fraction of the US GDP, and each manufacturing plant represents a large capital investment. The ability to keep these plants running in the face of inevitable faults and even malicious attacks can improve productivity -- keeping costs low for both manufacturers and consumers. Importantly, these same algorithms can be used to redefine the production routes (and machine programs) when a new part is introduced, or the desired production volume is changed, to maximize profitability for the manufacturing operation.
Performance Period: 09/01/2016 - 08/31/2021
Institution: Cornell University
Sponsor: National Science Foundation
Award Number: 1544613
Breakthrough: Collaborative: Secure Algorithms for Cyber-Physical Systems
Lead PI:
Mo-Yuen Chow
Abstract
Modern systems such as the electric smart grid consist of both cyber and physical components that must work together; these are called cyber-physical systems, or CPS. Securing such systems goes beyond just cyber security or physical security into cyber-physical security. While the threats multiply within a CPS, physical aspects also can reduce the threat space. Unlike purely cyber systems, such as the internet, CPS are grounded in physical reality. In this project, this physical reality is used to limit an attacker's ability to disrupt the system by limiting his/her ability to lie about his/her actions; if an attacker is inconsistent with physical reality, his/her actions are detectable and damage his/her reputation for future interactions with the system. The impacts of this work are far-reaching, as it creates a basis for developing inherently secure CPS for not only the electric smart grid, but also advanced transportation and building environmental systems. A new generation of interdisciplinary scientists and engineers is being trained through this research. This project formulates a novel methodology that incorporates knowledge from both the cyber and physical domains into a distributed algorithm and ensures the trustworthiness, thus security, of the composed system. Metrics for security are also derived and rest on logical invariants that express correctness. The invariants either check the validity of a local action or the accuracy of remote data. They may be used as guards against an action, or may be incorporated into a dynamic reputation-based algorithm. As a testbed, a multilateral energy system on an electrical network will be studied. Preliminary studies of this system have resulted in algorithms that isolate malicious nodes within the context of a single algorithm, using a reputation metric that compares cyber information flows to physically measurable signals. 
The work will be extended to other algorithms and other related power systems, a generalizable framework will be developed, and more complete metrics will be derived. The project has important broader impact. It develops new approaches for securing critical infrastructure based on both cyber and physical system aspects. The project also includes graduate and undergraduate involvement in cyber-physical systems research and design through involvement with testbeds and the Missouri Science and Technology Solar House team which designs and constructs houses for competition in the US Department of Energy Solar Decathlon.
Performance Period: 07/15/2015 - 06/30/2020
Institution: North Carolina State University
Sponsor: National Science Foundation
Award Number: 1505633
Breakthrough: Collaborative: Secure Algorithms for Cyber-Physical Systems
Lead PI:
Jonathan Kimball
Co-PI:
Abstract
Modern systems such as the electric smart grid consist of both cyber and physical components that must work together; these are called cyber-physical systems, or CPS. Securing such systems goes beyond just cyber security or physical security into cyber-physical security. While the threats multiply within a CPS, physical aspects also can reduce the threat space. Unlike purely cyber systems, such as the internet, CPS are grounded in physical reality. In this project, this physical reality is used to limit an attacker's ability to disrupt the system by limiting his/her ability to lie about his/her actions; if an attacker is inconsistent with physical reality, his/her actions are detectable and damage his/her reputation for future interactions with the system. The impacts of this work are far-reaching, as it creates a basis for developing inherently secure CPS for not only the electric smart grid, but also advanced transportation and building environmental systems. A new generation of interdisciplinary scientists and engineers is being trained through this research. This project formulates a novel methodology that incorporates knowledge from both the cyber and physical domains into a distributed algorithm and ensures the trustworthiness, thus security, of the composed system. Metrics for security are also derived and rest on logical invariants that express correctness. The invariants either check the validity of a local action or the accuracy of remote data. They may be used as guards against an action, or may be incorporated into a dynamic reputation-based algorithm. As a testbed, a multilateral energy system on an electrical network will be studied. Preliminary studies of this system have resulted in algorithms that isolate malicious nodes within the context of a single algorithm, using a reputation metric that compares cyber information flows to physically measurable signals. 
The work will be extended to other algorithms and other related power systems, a generalizable framework will be developed, and more complete metrics will be derived. The project has important broader impact. It develops new approaches for securing critical infrastructure based on both cyber and physical system aspects. The project also includes graduate and undergraduate involvement in cyber-physical systems research and design through involvement with testbeds and the Missouri Science and Technology Solar House team which designs and constructs houses for competition in the US Department of Energy Solar Decathlon.
Performance Period: 07/15/2015 - 06/30/2019
Institution: Missouri University of Science and Technology
Sponsor: National Science Foundation
Award Number: 1505610
Breakthrough: Enhancing Privacy in Smart Buildings and Homes
Lead PI:
David Irwin
Abstract
The design of smart electric grids and buildings that automatically optimize their energy generation and consumption is critical to advancing important societal goals, including increasing energy-efficiency, improving the grid's reliability, and gaining energy independence. To enable such optimizations, smart grids and buildings increasingly rely on Internet-connected sensors in smart devices, including digital electric meters, web-enabled appliances and lighting, programmable outlets and switches, and intelligent HVAC systems. However, a key barrier to the broad adoption of energy-related optimizations is that prior work has shown that Internet-connected sensors inadvertently leak sensitive private information about user behavior. For example, a high or variable home energy usage typically correlates with a home being occupied. To address the problem, this research will design low-cost, non-intrusive, privacy-enhancing techniques that reduce the sensitive information leaked through smart sensor-driven devices, while still permitting the sophisticated analytics, control, and verification necessary to enable energy optimizations for smart grids and buildings. The research includes developing both consumer- and utility-driven mechanisms to preserve sensor-data privacy. The consumer-driven mechanisms leverage batteries, elastic appliances, noise injection, and renewable energy sources to obfuscate private information in externally visible energy usage data at low cost. The utility-driven mechanisms leverage cryptographic techniques within the devices themselves to enable utilities to implement critical electric grid optimizations, such as demand response, time-of-use billing, and fault localization, without requiring consumers to provide utilities, or other third-parties, with their raw sensor data. The research also develops an approach to controllable privacy, which enables users to control the amount of information smart devices leak to third parties. 
In this case, consumers voluntarily use smart devices, which are able to verify that consumers engage in some particular energy-efficient behavior without directly revealing sensitive information. The research includes implementing and evaluating the techniques in a prototype programmable building, which includes programmable smart devices, batteries, and renewable energy sources. The research and prototype provide awareness of smart grid privacy and its implications on public policy, and contribute to both graduate courses on smart grids and energy, as well as undergraduate research projects.
Performance Period: 09/01/2015 - 08/31/2019
Institution: University of Massachusetts Amherst
Sponsor: National Science Foundation
Award Number: 1505422
CAREER: Securing Sensory Side-Channels in Cyber-Physical Systems
Lead PI:
Selcuk Uluagac
Abstract
Cyber-Physical Systems (CPS) integrate devices that can interact with each other and the physical world around them. With CPS applications, engineers monitor the structural health of highways and bridges, farmers check the health of their crops, and ecologists observe wildlife in their natural habitat. Using sensory side-channels (e.g., light, temperature, infrared, acoustic), an adversary can successfully attack CPS devices and applications by (1) triggering existing malware, (2) transferring malware, (3) combining multiple side-channels to increase the impact of a threat, or (4) leaking sensitive information. This project develops novel security tools and techniques to protect CPS devices and applications against sensory side-channel threats. The project results are released as an open source project, so interested software developers can extend and reuse them in other CPS research. Broader impacts include educational training and tools for the CPS field, and a collaboration with the Miami-Dade County Public Schools (M-DCPS), to expose underrepresented middle school students to state-of-the-art technology topics to pique students' interests in cyber-security and cyber-physical systems. The project investigates the sensory side-channel (e.g., acoustic, seismic, light, temperature) threats to CPS devices and applications and evaluates the feasibility and practicality of the attacks on real CPS equipment. The result is novel sensory side-channel-aware security tools and techniques for the CPS devices. 
Specifically, the principal investigator (1) analyzes the physical characteristics of the sensory CPS side-channels to understand how the physical world impacts the cyber world of CPS devices; (2) investigates the information leakage through the sensory side-channels on the CPS devices; (3) develops a novel IDS particularly designed to be aware of the sensory CPS side-channels; (4) designs and develops a CPS security testbed for test and experiments on real equipment and simulation tools.
Selcuk Uluagac

Dr. Selcuk Uluagac is currently an Assistant Professor in the Department of Electrical and Computer Engineering (ECE) at Florida International University (FIU). Before joining FIU, he was a Senior Research Engineer in the School of Electrical and Computer Engineering (ECE) at Georgia Institute of Technology. He earned his Ph.D. with a concentration in information security and networking from the School of ECE, Georgia Tech in 2010. He also received an M.Sc. in Information Security from the School of Computer Science, Georgia Tech and an M.Sc. in ECE from Carnegie Mellon University in 2009 and 2002, respectively. The focus of his research is on cyber security topics with an emphasis on its practical and applied aspects. He is interested in and currently working on problems pertinent to the security of Internet of Things and Cyber-Physical Systems. In 2015, he received a Faculty Early Career Development (CAREER) Award from the US National Science Foundation (NSF). In 2015, he was also selected to receive a fellowship from the US Air Force Office of Sponsored Research (AFOSR)’s 2015 Summer Faculty Fellowship Program. In 2016, he received the Summer Faculty Fellowship from the University of Padova, Italy. In 2007, he received the “Outstanding ECE Graduate Teaching Assistant Award” from the School of ECE, Georgia Tech. He is an active member of IEEE (senior grade), ACM, USENIX, and ASEE and a regular contributor to national panels and leading journals and conferences in the field. Currently, he is the area editor of Elsevier Journal of Network and Computer Applications and serves on the editorial board of the IEEE Communication Surveys and Tutorials. More information can be obtained from: http://web.eng.fiu.edu/selcuk.

Performance Period: 06/01/2015 - 05/31/2020
Institution: Florida International University
Sponsor: National Science Foundation
Award Number: 1453647